On Sun, Apr 12, 2009 at 10:50 PM, Steven M. Bellovin
<smb%cs.columbia.edu@localhost> wrote:
> On Sun, 12 Apr 2009 21:36:58 -0400
> matthew sporleder <msporleder%gmail.com@localhost> wrote:
>
>> Hey, guys. I have a little project I whipped up for centralizing a
>> place to get reports on the freshness and vulnerabilities of pkgsrc
>> clients in a network. Basically, each client can send in their list
>> of packages and the server will record it, check if it's out of date
>> (newer source or binary available), and check if it's vulnerable. I
>> haven't done a ton of testing, but it's functionally complete and
>> working on NetBSD boxes with current-ish pkg_* tools. Check it out
>> and let me know what you think:
>>
>> http://code.google.com/p/pkgsrc-dashboard/
>>
> This sounds like a great idea! From the description on that web site,
> I'd make one important change: it should be possible to get the client
> data either by server pull or by client push. The reason is that some
> client systems, especially laptops, are not accessible for server pull,
> at least via ssh. They may be at a customer site behind a firewall, in
> a hotel or residence behind a NAT, or may simply have a dynamic IP
> address.
>
The architecture is:
client -- HTTP --> server. I wanted to avoid ssh/pull initially
because of the reasons you state above. In the future I would like to
see it work both ways (you never know how the firewall is set up), but
I targeted HTTP outbound because it's usually the most open.

Thanks for the encouragement,
Matt